US CISA have added a Progress MOVEit Transfer SQL injection vulnerability, tracked as CVE-2023-34362, to its Known Exploited Vulnerabilities Catalog.
Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product to steal data from organizations.
MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads
The vulnerability is a SQL injection vulnerability, it an be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
CISA orders federal agencies to fix this flaw by June 23, 2023.
